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What Is a Blockchain? 


LAYER 3 User Interface (e.g., web3) 


LAYER 1.5 Compute Layer (blockchain computer) 


LAYER 1: Consensus Layer (Informal) 
A public data structure (ledger) that provides: 


Persistence: once added, data can never be removed" 
Consensus: all honest participants have the same data" 
Liveness: honest participants can add new transactions 


Open(?): anyone can be a participant (no authentication) 


LAYER 1 Consensus Layer 
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This Not a New Problem ... 


State machine replication: 
studied since the 1980s 


Google, Amazon, Bank of America, 
all have lots of servers: 


٠ need to ensure state Is consistent 
across all servers 


٠ Known # of servers, 
and all are authorized. 
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How Are Blocks Added to Chain? 


BLOCKCHAIN 
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Open Consensus: How? 


PROOF-OF-WORK PROOF-OF-STAKE 


First party to solve puzzle Fast block creation 
creates next block 
No energy waste 


٠ Sybil resistant selection 


of a random party But more complex 


Problems: à 
: Slow, wastes energy V © thereum 
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LAYER 1.5: the Blockchain Computer 


APP logic is encoded in a program that runs on blockchain 
٠ Rules are enforced by a public program (public source code) 
> transparency: no single trusted 3rd party 
The APP program is executed by parties who create new blocks 


> public verifiability: anyone can verify state transitions 


LAYER 1.5 Compute Layer (blockchain computer) 


LAYER 1 Consensus Layer 


al6z 


(2020 Andreessen Horowitz. All rights reserved worldwide. 


Running Programs on a Blockchain (APPs) 


BLOCKCHAIN WIN 


Program Code 


Create an APP 


LAYER 1.5 Compute Layer (blockchain computer) 


LAYER 1 Consensus Layer 
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Execution Environment 


BITCOIN SCRIPT 


A LIMITED COMPUTING 
ENVIRONMENT 


: Limited instruction set (no loops) 


٠ Sufficient for some tasks: 
٠ atomic swaps, 
: payment channels, ... 
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ETHEREUM 


GENERAL PROGRAMMING 
ENVIRONMENT (SOLIDITY, WEB3) 


: EVM is a general purpose 


computing environment 


: APP code updates internal state in 


response to transactions 


: Calling APP costs fees (gas) 
: prevents DoS on miners 
storing on-chain state costs fees 
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General Execution Environments 


Recent projects 
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WebAssembly 


as the bytecode 
format 


Web development 
tools can be 


used to develop 
blockchain APPs 
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Decentralized Applications (APPs) 


Hun on 


blockchain 
computer 
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LAYER 2 Applications (Solidity, Move, Motoko) 


LAYER 1.5 Compute Layer (blockchain computer) 


LAYER 1 Consensus Layer 
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Common APP Architecture 
End User 


Layer 4: user facing servers 


BLOCKCHAIN COMPUTER 
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Ethereum's DeFI 


request 
network 


INFRASTRUCTURE 
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Detailed APPs in Coming Lectures... 
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Blockchain Crypto Primitives 


Blockchains are a consumer of advanced cryptographic primitives 


Digital | ! 
signatures Merkle | ZE 


proof systems 


L | commitments | 


Important Primitives 
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Digital Signatures 


Physical Signatures 


Goal: bind transaction to author 


Bob agrees to pay Alice $1 


Problem in the digital world...anyone can copy Bob's signature from one doc to another 
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Digital Signatures 


Solution: make signature depend on document 
SIGNER VERIFIER 


‘ACCEPT’ 
VERIFY 
ALGORITHM 0 


'REJECT' 
SIGNATURE | 
SIGN 
Ben — ALGORITHM =) 
Secret Signing 


Public Verification 
Key (sk) Key (pk) 
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Bob agrees to pay Alice 1 
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Signatures on the Blockchain: Used Everywhere 


٠ Ensure Tx authorization 
- Governance votes 


* Consensus protocol votes 
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BLS Signature Aggregation 


Anyone can compress n signatures into a single signature 
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No need to store list of signatures on the blockchain 
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Aggregation on the Blockchain 


Tx1 Tx2 Tx3 


Data Signatures Data Signatures Data Signatures E E E 


SIGNATURE 5 SHRINK 
AGGREGATION BLOCKCHAIN 


e 


©2020 Andreessen Horowitz. All rights reserv 


al6z 


Commitments 

Cryptographic commitment: emulates an envelope 
Many applications: e.g., an APP for a sealed bid auction 

٠ Every participant commits to its bid, 


- Once all bids are in, everyone opens their commitment 
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Crypto Commitments 


Syntax: a commitment scheme is two algorithms 
. Commit (data) ==> (com, open) 


. Verify (data, com, open) => accept or ‘reject’ 


Security properties (informal): 
٠ Binding: Bob cannot produce two valid openings 


٠ Hiding: com reveals nothing about committed data 
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Committing to a luple of Values: Merkle Trees 


HEN 


GOAL: 


SUCCINCT 
COMMITMENT - Commit to tuple S 


: Later, provide a short proof 
that x, is the 4th element in S 


Proof length = O(log ISI) 


Tuple of values S 
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Many Applications: 1) Short Proof of Payment 


Bob: has all block hashes 


Alice: wants to prove she 
paid Bob 2ETH 


Merkle Tree commitment 
to all Tx in block ٠ Alice sends a short 


Merkle proof to Bob 
٠ 1000 Ix in block short proof 
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2) Keeping State off the Chain 


Database of account balances 
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Merkle tree 
commitment 


off-chain servers 
store balances, 


on-chain: 
only short commitment 


Alice can prove her 
balance (10) to anyone 
with a short proof 
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2) Keeping State off the Chain 


Database of account balances 
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off-chain servers 
store balances, 


on-chain: 
only short commitment 


Alice can prove her 
balance (10) to anyone 
with a short proof 


Tx can update committed 
state. Chain validates Tx. 
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Zero Knowledge Proof Systems 


What Is a Proof System? (Informal) 


GOAL: prover wants to convince a verifier that a statement is true 


STATEMENT 
| have a signature on Tx 


WITNESS 
signature 


STATEMENT 
prover has signature on Tx 


Proof: T ACCEPT 


_ÂÂ  Ô`Ó>` جل‎ OR 
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PROVER VERIFIER 


What is a statement: program(statement, witness) > 'O' or ‘1’ 
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Properties of a Proof System 


Complete: if statement is true, prover can convince verifier 
Succinct proof: proof is short (logarithmic in statement size) 
Fast verification: verification is fast (logarithmic in statement size) 


Efficient proof generation: generating the proof takes linear time 


SNARK | 


SECURIT Y: 


Sound: prover cannot convince verifier of a false statement 


Zero knowledge (optional): verifier learns nothing about the witness 


zkSNARK 
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Application 1: Scalability (Rollup) ... no ZK 


TODAY: every miner must verify every posted Tx 


VERIFY ALL TX 
=> SUCCINCT PROOF TT 
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Application 2: Private Data on a Public Blockchain 


TODAY: Data on blockchain is public 3 
Businesses cannot use for private B2B applicatiar 
PUBLIC 


Emm VERIFIABILITY 


A different approach: only post hiding commitments »* blockchain 


com(APP code), 


com(Tx), com(Tx;), 


com(state)) 


ZKP: 


ZKP2 


com(stateg) com(state;) 


ZKP: ZK proof that [state;, Ix; > State;4| is consistent with APP code 


state transition 
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When Io Use a Blockchain? 


BLOCKCHAIN # DATABASE 


Always ask: why not use a centralized system? 


- Blockchain positives: 
- used when there is no single party trusted by everyone 


: Negatives: slower and more complex than a centralized system 
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The End 
Excited To See Your Blockchain Apps!! 


